package com.corpcredit.security;

import java.util.Iterator;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.vote.AccessDecisionVoter;

public class PermissionVoter implements AccessDecisionVoter
{
    //~ Instance fields ================================================================================================

    protected static final Log log = LogFactory.getLog( PermissionVoter.class );
    private String permissionPrefix = "PERMISSION_";

    //~ Methods ========================================================================================================

    public String getPermissionPrefix() {
        return permissionPrefix;
    }

    /**
     * Allows the default permission prefix of <code>Permission_</code> to be overriden.
     * May be set to an empty value, although this is usually not desireable.
     *
     * @param rolePrefix the new prefix
     */
    public void setPermissionPrefix(String permissionPrefix) {
        this.permissionPrefix = permissionPrefix;
    }
    public boolean supports(ConfigAttribute attribute) {
        if ((attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getPermissionPrefix())) {
            return true;
        }
        else {
            return false;
        }
    }

    /**
     * This implementation supports any type of class, because it does not query
     * the presented secure object.
     *
     * @param clazz the secure object
     *
     * @return always <code>true</code>
     */
    public boolean supports(Class clazz) {
        return true;
    }

    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
        int result = ACCESS_ABSTAIN;
        Iterator iter = config.getConfigAttributes().iterator();

        while (iter.hasNext()) {
            ConfigAttribute attribute = (ConfigAttribute) iter.next();

            if (this.supports(attribute)) {
                result = ACCESS_DENIED;

                GrantedAuthority[] authorities = authentication.getAuthorities();
                // Attempt to find a matching granted authority
                for (int i = 0; i < authorities.length; i++) {
                    if(log.isDebugEnabled())
                    {
                        log.debug( "attribute: " + attribute.getAttribute());
                        log.debug( "authority: " + authorities[i].getAuthority() );
                    }
                    if (attribute.getAttribute().equals(authorities[i].getAuthority())) {
                        return ACCESS_GRANTED;
                    }
                }
            }
        }

        return result;
    }
}
